Embodiments of the present invention generally relate to payment systems. More specifically, embodiments of the present invention relate to payment systems supporting use of mobile electronic devices using onetime user passwords in various types of financial transactions.
Today, merchants and service providers accept many forms of payment. Many merchants will accept cash, credit cards, debit cards, stored-value cards, checks, and/or promotional items such as coupons. All of these forms of payment are often carried by a consumer because some merchants and/or service providers may only accept some of the various possible forms of payment. Sometimes a customer may not pre-plan a visit to a specific merchant and/or service provider, so the consumer may wish to carry the different forms of payment in case the consumer does happen to make an unplanned visit.
This can lead to numerous methods of payment being carried by a consumer on a day-to-day basis. Additionally, a consumer may also need to carry other items regularly, such as a driver's license, identification cards, loyalty program cards, and membership cards. When a consumer has to carry all of these items, the items may also become disorganized and misplaced, causing security concerns, and possibly causing transactions to consume more time.
Additionally, various forms of wireless or contactless devices have been introduced for use in various types of transactions. For example, contactless transaction initiation is often performed with a “smart” card or other device such as a key fob or a mobile device such as a cell phone or Personal Digital Assistant (PDA) containing a memory and a processor. Such a card or device typically also includes Radio-Frequency Identification (“RFID”) or Near-Field Communications (NFC) components for contactless communication with a Point-Of-Sale (POS) device. The information stored in the memory of the device and communicated via the RFID or NFC components to the POS device is generally similar or identical to the information recorded on the magnetic stripe of a card, i.e., account number etc. Thus, in some cases, such devices may be utilized instead of more conventional cards.
Payment systems using NFC and RFID have been criticized for potential security flaws. To ensure greater security and/or to ease the mind of the consumer, various security features have been included with payment devices, such as wireless contactless devices. There are address verification services that check the address provided against the billing address on file with the credit card company. Some credit cards even have a card verification value (CVV) code imprinted on the back or front of the credit card that is not part of the credit card number (VISA™ refers to the code as CVV2, MasterCard™ calls it CVC2, and American Express™ calls it CID). These codes may be used for authentication: the fact that the buyer has the proper CVV code tends to show the buyer physically has the card. Some wireless contactless devices may include biometric scanners and/or passwords as security measures. Other cards and payment devices require the user to select and use a personal identification number (PIN) to authenticate the user. However, compromise of PINs and/or loss of contactless payment devices may result in potential fraudulent uses and may be unsettling to potential consumers.
Purchases made over the Internet introduce unique fraud and security concerns, as a seller does not have the opportunity to physically identify a buyer and to ensure the buyer is entitled to use the financial account selected for payment. The Internet merchant often bears financial responsibility for fraudulent transactions. To help mitigate transaction fraud, payment systems have been introduced that require “two-factor authentication” for in-person purchases at the point-of-sale and for online purchases. Two-factor authentication systems require a buyer to submit two unique data elements associated with the financial account selected for payment (e.g. an account number and a personal identification number). Dynamically generated onetime passwords provide a more effective second authentication factor than a static personal identification number (PIN) or other identifier.
There is a need in the art for improved methods and systems for utilizing mobile electronic devices with increased security features for various types of financial transactions.